Anonymous users aren't able to view DAGs even with Admin Role
Apache Airflow version: 2.0.0 (Current master)
Kubernetes version (if you are using kubernetes) (use kubectl version):
Environment:
- Cloud provider or hardware configuration:
- OS (e.g. from /etc/os-release): Ubuntu 20.04.1 LTS
- Kernel (e.g. uname -a): Linux ubuntu 5.4.0-58-generic #64-Ubuntu SMP Wed Dec 9 08:16:25 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
- Install tools:
- Others:
webserver_config.py file config:
# Uncomment to setup Public role name, no authentication needed
AUTH_ROLE_PUBLIC = 'Admin'
What happened:
After disabling the authentication, all users are identified as “Anonymous User” and no DAGs are loaded on the screen because there is a method that returns an empty set for roles when a user is anonymous.
views.py file:
# Get all the dag id the user could access
filter_dag_ids = current_app.appbuilder.sm.get_accessible_dag_ids(g.user)
security.py file:
def get_accessible_dags(self, user_actions, user, session=None):
    """Generic function to get readable or writable DAGs for authenticated user."""
    if user.is_anonymous:
        return set()
    user_query = (
        session.query(User)
        .options(
            joinedload(User.roles)
            .subqueryload(Role.permissions)
            .options(joinedload(PermissionView.permission), joinedload(PermissionView.view_menu))
        )
        .filter(User.id == user.id)
        .first()
    )
    resources = set()
    for role in user_query.roles:
        ...
What you expected to happen:
Since the option to disable login exists, I expect that all anonymous users have the Role specified in the webserver_config.py file in the AUTH_ROLE_PUBLIC entry.
It will make anonymous users able to see/edit dags if the roles specified as the default for anonymous users match the DAG roles.
How to reproduce it:
Set the following entry in webserver_config.py file config to disable authentication and make all users anonymous with the 'Admin' role:
# Uncomment to setup Public role name, no authentication needed
AUTH_ROLE_PUBLIC = 'Admin'
With the current master branch installed, run
airflow webserver
No DAGs will appear:
Anything else we need to know:
The methods have explicit comments about being used for authenticated user:
def get_accessible_dags(self, user_actions, user, session=None):
    """Generic function to get readable or writable DAGs for authenticated user."""
But there is no way for anonymous users to be able to see DAGs on the screen without modifying the behavior of this method.
Issue Analytics
- State:
- Created 3 years ago
- Comments:12 (12 by maintainers)
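The gap between the reported and the expected behaviour, as an added example that is not part of the original issue and is not Airflow's code: a simplified model in which the role table, DAG names and function names are all hypothetical.

```python
# Added illustration: a simplified, self-contained model of the behaviour
# described in this issue. All names here are hypothetical, not Airflow's API.
from dataclasses import dataclass, field


@dataclass
class Role:
    name: str
    # (action, dag_id) pairs, e.g. ("can_read", "etl_daily")
    permissions: set = field(default_factory=set)


@dataclass
class User:
    roles: list = field(default_factory=list)
    is_anonymous: bool = False


# Constructed sample data: two roles with different reach.
ROLES = {
    "Admin": Role("Admin", {("can_read", "etl_daily"), ("can_edit", "etl_daily"),
                            ("can_read", "billing"), ("can_edit", "billing")}),
    "Viewer": Role("Viewer", {("can_read", "etl_daily")}),
}


def _dags_for(roles, user_actions):
    """Collect DAG ids on which any of the roles grants one of the actions."""
    return {dag for r in roles for (action, dag) in r.permissions if action in user_actions}


def accessible_dags_reported(user_actions, user):
    """Behaviour reported in the issue: anonymous users always get an empty set."""
    if user.is_anonymous:
        return set()
    return _dags_for(user.roles, user_actions)


def accessible_dags_expected(user_actions, user, auth_role_public=None):
    """Behaviour the reporter expects: anonymous users inherit AUTH_ROLE_PUBLIC."""
    if user.is_anonymous:
        public = ROLES.get(auth_role_public)
        # Unset or unknown public role: fail closed, no DAGs visible.
        return _dags_for([public], user_actions) if public else set()
    return _dags_for(user.roles, user_actions)
```

In this model, a public role of 'Admin' gives every unauthenticated visitor both read and edit access to every DAG, while 'Viewer' limits them to reading etl_daily.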
@AmarEL I assigned you to this ticket.
@AmarEL Are you willing to submit a PR?